In the past few years, many CIOs in large enterprises and government organizations got a seat at the business table as they positioned themselves as business enablers rather than mere IT caretakers. The emergence of new disciplines such as Technology Business Management (TBM) helped these CIOs better align themselves with business strategies and manage IT from the business value versus the technical perspective.
Yet, for many, there was still one large IT discipline that was considered too complicated to provide good value indicators that everybody, from IT to the business and the board, would understand: cybersecurity.
Fortunately, the development of new standard models such as Factor Analysis of Information Risk (FAIR), which evaluate the bottom-line impact of cybersecurity events and of risk mitigation initiatives, has removed that barrier. Many organizations that have adopted TBM are now looking at FAIR as a way to extend cost-effective decision-making and business-aligned reporting to the discipline of cybersecurity.
The promise of TBM is to enable CIOs to translate IT into business value terms, so that executives can effectively decide on technology options and new investments to improve business outcomes, customer engagement and competitiveness. A standard taxonomy and set of best TBM practices have been developed under the auspices of the TBM Council.
Some of the core tenets of TBM include:
How does cybersecurity fit in this picture? Keep reading…
While CIOs are driving the rapid digitalization of business processes to enable phenomenal efficiencies and growth, this also brings a new range of technology risks that need to be understood and managed.
It is not coincidental, then, that a standard methodology for quantifying and managing cyber risk in any organization was being developed in parallel to TBM. FAIR provides a standard risk taxonomy as well as a model for understanding, analyzing and quantifying information risk in financial terms. Unlike traditional risk assessment frameworks, whose output is qualitative and highly subjective color charts or numerically weighted scales, FAIR builds a foundation for an economics-driven approach to cyber risk management.
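What "quantifying information risk in financial terms" looks like in practice, as an added example that is not code from the page, from RiskLens or from the FAIR standard's own tooling: a small Monte Carlo over calibrated ranges for threat event frequency, vulnerability and loss magnitude, producing an annualized loss exposure in currency units. The scenario figures are constructed, and the triangular distribution is an assumption standing in for the PERT curves FAIR tools typically fit.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Estimate:
    """Calibrated (minimum, most likely, maximum) range for one FAIR factor."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        # Triangular draw stands in for the PERT curve FAIR tooling normally fits.
        return rng.triangular(self.low, self.high, self.mode)

@dataclass(frozen=True)
class Scenario:
    tef: Estimate             # threat event frequency: attempts per year
    vulnerability: Estimate   # probability an attempt becomes a loss event (0..1)
    primary_loss: Estimate    # direct cost per loss event (response, recovery)
    secondary_loss: Estimate  # fines, legal, customer churn per loss event

def simulate(scenario: Scenario, years: int = 10000, seed: int = 7) -> dict:
    """Per year: LEF = TEF * Vulnerability; loss = LEF * (primary + secondary).
    Returns annualized loss exposure (mean) plus the median and 90th percentile."""
    rng = random.Random(seed)
    losses = []
    for _ in range(years):
        lef = scenario.tef.sample(rng) * scenario.vulnerability.sample(rng)
        magnitude = scenario.primary_loss.sample(rng) + scenario.secondary_loss.sample(rng)
        losses.append(lef * magnitude)
    losses.sort()
    return {"ale": sum(losses) / years,
            "p50": losses[int(0.5 * (years - 1))],
            "p90": losses[int(0.9 * (years - 1))]}

# Constructed, illustrative ranges; not figures from the page or from RiskLens.
BASELINE = Scenario(tef=Estimate(20, 50, 120),
                    vulnerability=Estimate(0.05, 0.15, 0.40),
                    primary_loss=Estimate(25_000, 80_000, 250_000),
                    secondary_loss=Estimate(0, 50_000, 400_000))
# Same scenario after a control that lowers the chance an attempt succeeds.
MITIGATED = Scenario(BASELINE.tef, Estimate(0.01, 0.04, 0.10),
                     BASELINE.primary_loss, BASELINE.secondary_loss)

if __name__ == "__main__":
    for name, s in (("baseline", BASELINE), ("mitigated", MITIGATED)):
        r = simulate(s)
        print(f"{name}: ALE={r['ale']:,.0f}  p50={r['p50']:,.0f}  p90={r['p90']:,.0f}")
```

Comparing the baseline and mitigated ALE gives the risk reduction a control buys, which is the number a TBM-style investment decision can be made against.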
Organizations implement FAIR with the help of purpose-built solutions such as RiskLens to:
See now why many organizations that have adopted TBM are turning to FAIR as a model for integrating cybersecurity into their TBM strategy? Quantifying cyber risk in financial terms enables the same level of business-aligned and data-driven decision making that is core to TBM.
Cyber risk economics is here and organizations such as ADP, Bank of America and HPE are leveraging both TBM and FAIR for managing IT and cybersecurity from the business perspective.
FAIR is an international standard by The Open Group, a global standards consortium sponsored by over 500 large enterprises and government and academic institutions, and is supported by an expert organization and large community called the FAIR Institute.
Resources to learn more about FAIR include an award-winning book (“Measuring and Managing Information Risk: A FAIR Approach”) and an acclaimed training program and certification process.
RiskLens is a Strategic Sponsor of the TBM Conference 2017. If you are interested in learning more, representatives will be on hand at the RiskLens booth in the Sponsor Networking Pavilion.